(57) Abstract

A method for secure data communication for use in an electronic commerce environment
of the type having an authentication server (2), a web server (3) and an applet (5).
Data communications between the authentication server, web server, applet and a secure
private key server (4) are controlled by generating a certificate-received signal,
initiating an authentication request, requesting a server authentication certificate,
extracting the vendor public key, loading a client certificate into the applet and
simultaneously transmitting the client certificate to the authentication server and
receiving the client certificate at the authentication server and extracting a client
public key from the client certificate and simultaneously extracting the client public
key from the client certificate. This overcomes the problems associated with allowing a
vendor access to a user's private key.

IMPROVEMENTS IN AND RELATING TO SECURE DATA TRANSMISSION 

The present invention relates to secure data transmission and in particular to a method
for ensuring the authenticity and privacy of data transmission between two or more
computer systems.

The business of selling products and services across communication channels, such as the
Internet, is now generally referred to as electronic commerce or "E-Commerce". Security
and responsiveness are the principal concerns for users in all Ecommerce transactions. To
provide this security, cryptography is normally used. Traditionally in cryptography, the
sender and receiver of a data message both know and use the same secret key. The sender
uses the secret key to encrypt the message and the receiver decrypts the message using the
same secret key. This is known as symmetric cryptography. Symmetric cryptography
requires the sender and receiver to agree on the secret key without a third party
discovering the key. This can prove problematic when the sender and receiver are in
separate physical locations, as a transmission medium, which cannot always be guaranteed,
is required to communicate the secret key. If a third party intercepts the key in transit
they can use the key to read, modify, or forge messages encrypted or authenticated using
that key. This destroys user confidence in the transmission system and is therefore not
ideally suited to Ecommerce applications.

To overcome this problem, public-key cryptography has been developed. Public-key
cryptosystems have two primary uses, encryption and digital signatures. In a public-key
cryptosystem, used for encryption, sender and receiver each have a pair of keys, one called
the public key and the other called the private key. The public key is published, while the
private key is kept secret. The need for the sender and receiver to share secret information
is eliminated as all data communications involve only public keys and no private key is
ever transmitted or shared, greatly increasing the trust level in the overall system. Public
keys must, however, be associated with their users in an authenticated manner. In these
types of systems, anyone can send a confidential message by just using public information
and the message can only be decrypted with a private key, which is in the sole possession
of the intended recipient. The problem with this system is that the private key is, of
necessity, linked mathematically to the public key. Therefore, it is always possible to
attack a public-key system to derive the private key from the public key. Typically, the
defence against this is to make the problem of deriving the private key from the public key
as difficult as possible. For example, many public-key cryptosystems are designed so that
deriving the private key from the public key requires the attacker to factor a large number,
in which case it is computationally infeasible to perform the derivation.

As indicated above, public-key cryptography can also be used for authentication, often
referred to as digital signatures. To sign a message, a sender performs a computation
involving both the sender's private key and the data message. The output is called a digital
signature and is attached to the message. To verify the signature, the recipient does a
computation involving the data message, the purported signature, and the sender's public
key. If the result is correct according to a simple, prescribed mathematical relation, the
signature is verified to be genuine, otherwise, the signature is fraudulent or the message
may have been altered.

A number of solutions to various aspects of public-key cryptosystems are known. For
example, US Patent Nos. US 4,200,770 and US 4,218,582 (Hellman et al) show encryption
as well as a means of authentication using long-term public keys as does US Patent No.
4,405,829 (Rivest et al). All of the proposed solutions provide a high level of security,
however, as Ecommerce develops it is increasingly required that the sender's private key be
taken into a vendor's software applet in an Ecommerce transaction to authenticate the
purchase. This greatly reduces the consumer's confidence in such transactions as the
security of the private key is now in the hands of the vendor and beyond the control of the
user. Additionally, it is possible to create code to transparently extract the private key and
subsequently use the key for unauthorised transactions.

In an attempt to further enhance the security limitations described above, certification and
certificates have been developed. These certificates allow for the possibility of accessing
other public keys and making public one's own public key in a manner which allows
legitimate retrieval of public keys but prevents impersonation. Such certificates require
authentication of the identity and the public key of an individual before issuing a
certificate. Even using such certificates, users are still required to store their private keys
securely, so no intruder can obtain them, yet the keys must be readily accessible for
legitimate use. Therefore, passing a private key for authentication to a vendor
fundamentally compromises system integrity in a manner which is unacceptable to most
users.

There is therefore a need for a method for secure data communication which will overcome
the aforementioned problems.

Accordingly, there is provided a method for secure data communication for use in an
Ecommerce environment of the type having an authentication server, a web server and an
applet, the method controlling data communications between the authentication server, web
server, applet and a secure private key server, the method performing the steps of: -

downloading the applet from a vendor web site in response to a data
communication request;

requesting a copy of a vendor certificate from the web site;

extracting a data response to generate a certificate-received signal;

automatically initiating an authentication request for transmission to the
authentication server;

interrogating the authentication server and requesting return transmission of a
server authentication certificate;

transmitting a vendor certificate to the applet;

automatically extracting the vendor public key from the vendor certificate within
the applet;

loading a client certificate into the applet and simultaneously transmitting the client
certificate to the authentication server; and

receiving the client certificate at the authentication server and extracting a client
public key from the client certificate and simultaneously automatically extracting
the client public key from the client certificate by the applet.

Preferably, the method comprises the further steps of: -

initialising the secure private key server;

loading a certificate into the secure private key server;

loading a client private key into the secure private key server;

generating an auto authenticate signal for transmission to the authentication server
requesting initialisation of a new authentication process;

retrieving a predefined text string from a local memory using the authentication
server and encrypting the text string to generate a cipher text string using the client
public key on receipt of the authenticate signal;

transmitting a cipher text string to the applet, receiving the cipher text string from
the authentication server and routing the cipher text string to the secure private key
server;

decrypting the cipher text string to extract a decrypted text string using the client
private key and transferring the decrypted text string to the applet;

encrypting the decrypted text string received from the secure private key server
with the vendor public key extracted from the vendor certificate to generate a
vendor encoded text string;

sending the vendor encoded text string to the authentication server, decrypting the
encoded text string to generate an authentication text string using the vendor private
key; and

comparing the authentication text string and the predefined text string to generate a
match / no match signal and in response to a no match signal terminating
communication or in response to a match signal for further authenticated data
communications.

According to another aspect of the invention there is provided a method of generating a
certificate operating in a data communication system having a web server, a certification
authority, an applet and a secure private key server, the method performing the steps of: -

gathering certification information in the applet and transmitting the information to
the secure private key server;

generating a key pair in the secure private key server on receipt of the packaged
information and a certificate created using the generated key pair; and

returning the certificate to the applet for onward transmission to the certification
authority for signature.

The invention will now be described with reference to the accompanying drawings, which
show, by way of example only, a method for secure data communication in which: -

Fig. 1 is a block diagram showing an Ecommerce environment implementing a
method for secure data communication in accordance with the invention;
and

Fig. 2 is a block diagrammatic view of a method of generating a certificate for use
in the invention.

Referring to the drawings and initially to Fig. 1 there is shown a block diagram illustrating
a method for secure data communication in accordance with the invention indicated
generally by the reference numeral 1. In order to aid clarity, references to specific
computer systems, performance details, communications media, protocols, timing, ports
and the like have been omitted. It will be appreciated, by those skilled in the art, that the
invention may be implemented in a large number of ways including software, firmware or
incorporation in an electronic commerce chip (ECC) without departing from the scope of
the invention. An exhaustive recitation of possibilities would only serve to unnecessarily
obscure the current invention.

The method for secure data communication 1 is illustrated in use in an Ecommerce 
environment having an authentication server 2, a web server 3, a secure private key server 
4 and an applet 5. 

In operation, the method begins by downloading the applet 5 from a vendor web site in
response to a data communication request to purchase a service or product. The applet 5
then requests a copy of the vendor's certificate from the web site. Upon receiving a data
response from the web site the certificate is extracted to generate a certificate-received
signal. The certificate-received signal causes the applet to automatically initiate an
authentication request, transmitted to the vendor's authentication server. This
authentication request interrogates the authentication server and requests return
transmission of a server authentication certificate. When this sequence has been completed
without transmission error, the vendor then transmits a vendor certificate to the applet. The
vendor's public key is automatically extracted from the vendor certificate within the applet
upon receipt. The client then loads a client certificate into the applet and simultaneously
transmits the client certificate to the authentication server. The authentication server
receives the client certificate and extracts a client public key from the client certificate. At
the same time, the client public key is automatically extracted from the client certificate by
the applet.

Once these steps have been successfully completed, authentication begins by initialisation
of the secure private key server 4. The client loads his/her own certificate into the secure
private key server. A client private key is then loaded into the secure private key server 4
generating an auto authenticate signal for transmission to the authentication server
requesting initialisation of a new authentication process.

The authentication server retrieves a predefined text string from a local memory and
encrypts the text string to generate a cipher text string using the client public key on receipt
of the authenticate signal. This cipher text string is then transmitted to the applet for
further processing. The applet receives the cipher text string from the authentication server
and routes the cipher text string to the secure private key server.

When the secure private key server receives the entire cipher text string it decrypts the 
cipher text string to extract a decrypted text string using the client private key. The 
decrypted text string is then transferred to the applet. 

The applet in turn encrypts the decrypted text string received from the secure private key
server with the vendor public key extracted from the vendor certificate described above to
generate a vendor encoded text string.

The vendor encoded text string is then sent to the authentication server for processing.
When the encoded text string is received it is immediately decrypted to generate an
authentication text string using the vendor private key. A comparison is then performed
between the authentication text string and the predefined text string from a local memory to
generate a match / no match signal. If a no match signal is generated, data communication
is terminated, however, a match signal shows that the client has been authenticated and the
client can proceed to use the applet for further data communications.

In this way, the private key critical to such data communication is never beyond the user's
control, enhancing confidence in the overall communication system. As the private key is
never stored on a vendor's system it is not susceptible to attacks from individuals intent on
fraudulent use of the key.
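
The authentication exchange described above, as an added Python sketch that is not part
of the patent text. The class and function names, the modelling of certificates as bare
public keys, and the toy textbook RSA over fixed Mersenne primes (no padding, not secure)
are assumptions chosen so that the message flow runs with the standard library alone.

```python
# Added illustration, not code from the patent. Toy textbook RSA over fixed
# Mersenne primes (an assumption; the page names no algorithm) keeps it
# standard-library only. It has no padding and is not secure.
import hmac

E = 65537  # assumed public exponent

class PublicKey:
    """Stands in for the public key extracted from a certificate."""

    def __init__(self, n: int):
        self.n = n

    def encrypt(self, text: bytes) -> int:
        m = int.from_bytes(text, "big")
        if m >= self.n:
            raise ValueError("text string too long for this toy modulus")
        return pow(m, E, self.n)

class PrivateKey:
    def __init__(self, p: int, q: int):
        self.public = PublicKey(p * q)
        self._d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+

    def decrypt(self, c: int) -> bytes:
        m = pow(c, self._d, self.public.n)
        return m.to_bytes((m.bit_length() + 7) // 8, "big")

class SecurePrivateKeyServer:
    """User-controlled; the only party that holds the client private key."""

    def __init__(self, client_key: PrivateKey):
        self._key = client_key

    def decrypt(self, cipher_text: int) -> bytes:
        return self._key.decrypt(cipher_text)

class Applet:
    """Vendor-supplied code: holds the vendor public key and routes strings."""

    def __init__(self, vendor_public: PublicKey, key_server: SecurePrivateKeyServer):
        self.vendor_public = vendor_public
        self.key_server = key_server

    def respond(self, cipher_text: int) -> int:
        # Route the cipher text string to the key server; only the decrypted
        # text string comes back, never the private key.
        decrypted = self.key_server.decrypt(cipher_text)
        return self.vendor_public.encrypt(decrypted)  # vendor encoded text string

class AuthenticationServer:
    """Vendor side: vendor private key, client public key, predefined text."""

    def __init__(self, vendor_key: PrivateKey, client_public: PublicKey, text: bytes):
        self.vendor_key, self.client_public, self.text = vendor_key, client_public, text

    def challenge(self) -> int:
        return self.client_public.encrypt(self.text)  # cipher text string

    def matches(self, vendor_encoded: int) -> bool:
        authentication_text = self.vendor_key.decrypt(vendor_encoded)
        return hmac.compare_digest(authentication_text, self.text)

# Constructed sample keys and text string (all values are assumptions).
CLIENT_KEY = PrivateKey(2**61 - 1, 2**89 - 1)
VENDOR_KEY = PrivateKey(2**107 - 1, 2**127 - 1)
OTHER_KEY = PrivateKey(2**19 - 1, 2**31 - 1)  # does not match the client certificate
PREDEFINED_TEXT = b"predefined-text"

def run_exchange(key_in_key_server: PrivateKey) -> bool:
    """Return True for a match signal, False for a no match signal."""
    server = AuthenticationServer(VENDOR_KEY, CLIENT_KEY.public, PREDEFINED_TEXT)
    applet = Applet(VENDOR_KEY.public, SecurePrivateKeyServer(key_in_key_server))
    return server.matches(applet.respond(server.challenge()))

if __name__ == "__main__":
    print("key server holds the client key:", run_exchange(CLIENT_KEY))
    print("key server holds another key:", run_exchange(OTHER_KEY))
```

Both runs use the same predefined text string, so the match signal is only as fresh as
that string; a deployment would normally vary it per authentication run.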

It will be understood that when the invention is enacted in software that the code required
is minimal by comparison with currently available alternatives. Additionally, to further
promote consumer confidence in the security of the private key, it is intended to supply
source code, which may be compiled by the user. This will allow customers to view the
code and ensure no unauthorised caching or transmission of the private key occurs.



Referring now to Fig. 2 there is illustrated a method of generating a certificate for use in
the invention indicated generally by the reference numeral 20. The method 20 operates in
a data communication system having a web server 21, a certification authority 22, an applet
23 and a secure private key server 24.

In use to produce a certificate, the applet 23 gathers the required information about the
person or entity requesting certification. When the applet has gathered the necessary
information it is automatically packaged and transmitted to the secure private key server
24. A key pair is generated in the secure private key server 24 on receipt of the packaged
information and a certificate created using the generated key pair. The certificate is then
returned to the applet for onward transmission to the certification authority for signature.



It will be understood that subsequent to correct authentication any further encryption or
decryption process requiring the private key will be processed by the secure private key
server so that the advantages described continue.

It will further be understood that one form of certificate contains the user's identity, the
user's private key and the user's public key and that another form contains only the user's
identity and public key. The certificate containing the user's private key is available only to
the secure private key server and the other certificate is passed to the applet. It will also be
understood that when the vendor sends its certificate to the applet that this does not contain
a private key.

It will of course be understood that the invention is not limited to the specific details as
herein described, which are given by way of example only, and that various alterations and
modifications may be made without departing from the scope of the invention.

CLAIMS:

1. A method for secure data communication for use in an electronic commerce
environment of the type having an authentication server (2), a web server (3) and an
applet (5) characterised in that the method controls data communications between
the authentication server, web server, applet and a secure private key server (4) by
performing the steps of: -

downloading the applet from a vendor web site in response to a data
communication request;

requesting a copy of a vendor certificate from the web site;

extracting a data response to generate a certificate-received signal;

automatically initiating an authentication request for transmission to the
authentication server;

interrogating the authentication server and requesting return transmission of
a server authentication certificate;

transmitting a vendor certificate to the applet;

automatically extracting the vendor public key from the vendor certificate
within the applet;

loading a client certificate into the applet and simultaneously transmitting
the client certificate to the authentication server; and

receiving the client certificate at the authentication server and extracting a
client public key from the client certificate and simultaneously
automatically extracting the client public key from the client certificate by
the applet.

2. A method as claimed in claim 1 comprising the further steps of: -

initialising the secure private key server;

loading a certificate into the secure private key server;

loading a client private key into the secure private key server;

generating an auto authenticate signal for transmission to the authentication
server requesting initialisation of a new authentication process;

retrieving a predefined text string from a local memory using the
authentication server and encrypting the text string to generate a cipher text
string using the client public key on receipt of the authenticate signal;

transmitting a cipher text string to the applet, receiving the cipher text string
from the authentication server and routing the cipher text string to the secure
private key server;

decrypting the cipher text string to extract a decrypted text string using the
client private key and transferring the decrypted text string to the applet;

encrypting the decrypted text string received from the secure private key
server with the vendor public key extracted from the vendor certificate to
generate a vendor encoded text string;

sending the vendor encoded text string to the authentication server,
decrypting the encoded text string to generate an authentication text string
using the vendor private key; and

comparing the authentication text string and the predefined text string to
generate a match / no match signal and in response to a no match signal
terminating communication or in response to a match signal for further
authenticated data communications.



3. A method of generating a certificate operating in a data communication system
having a web server, a certification authority, an applet and a secure private key
server by performing the steps of: -

gathering certification information in the applet and transmitting the
information to the secure private key server;

generating a key pair in the secure private key server on receipt of the
packaged information and a certificate created using the generated key pair;
and

returning the certificate to the applet for onward transmission to the
certification authority for signature.

4. A method substantially as herein described with reference to and as shown in the
accompanying drawings.



WO 00/67447    PCT/IE00/00050

[Drawing sheets 1/2 and 2/2; figures not reproduced]




INTERNATIONAL SEARCH REPORT

International Application No: PCT/IE 00/00050

A. CLASSIFICATION OF SUBJECT MATTER

IPC 7 H04L29/06

According to International Patent Classification (IPC) or to both national classification and IPC

B. FIELDS SEARCHED

Minimum documentation searched (classification system followed by classification symbols):
IPC 7 H04L

Documentation searched other than minimum documentation to the extent that such documents
are included in the fields searched:

Electronic data base consulted during the international search (name of data base and,
where practical, search terms used):
EPO-Internal, WPI Data, PAJ, INSPEC, IBM-TDB

C. DOCUMENTS CONSIDERED TO BE RELEVANT

Category °: A
Citation of document, with indication, where appropriate, of the relevant passages:
WO 99 05813 A (VISTO CORP), 4 February 1999 (1999-02-04)
abstract
page 2, line 14 - page 3, line 5
page 3, line 12 - page 4, line 5
page 7, line 5 - line 11
page 7, line 21 - page 8, line 5
page 8, line 22 - page 9, line 5
page 13, line 11 - line 14
Relevant to claim No.: 1-3

Category °: A
Citation of document, with indication, where appropriate, of the relevant passages:
EP 0 817 103 A (SUN MICROSYSTEMS INC), 7 January 1998 (1998-01-07)
abstract
page 2, column 2, line 26 - page 3, column 3, line 5
page 4, column 6, line 8 - line 41
Relevant to claim No.: 1-3

Further documents are listed in the continuation of box C.

Patent family members are listed in annex.

° Special categories of cited documents:

"A" document defining the general state of the art which is not considered to be of
particular relevance
"E" earlier document but published on or after the international filing date
"L" document which may throw doubts on priority claim(s) or which is cited to establish
the publication date of another citation or other special reason (as specified)
"O" document referring to an oral disclosure, use, exhibition or other means
"P" document published prior to the international filing date but later than the priority
date claimed
"T" later document published after the international filing date or priority date and not
in conflict with the application but cited to understand the principle or theory
underlying the invention
"X" document of particular relevance; the claimed invention cannot be considered novel or
cannot be considered to involve an inventive step when the document is taken alone
"Y" document of particular relevance; the claimed invention cannot be considered to
involve an inventive step when the document is combined with one or more other such
documents, such combination being obvious to a person skilled in the art
"&" document member of the same patent family

Date of the actual completion of the international search: 11 September 2000

Date of mailing of the international search report: 22/09/2000

Name and mailing address of the ISA:
European Patent Office, P.B. 5818 Patentlaan 2
NL - 2280 HV Rijswijk
Tel. (+31-70) 340-2040, Tx. 31 651 epo nl,
Fax: (+31-70) 340-3016

Authorized officer: Adkhis, F

Form PCT/ISA/210 (second sheet) (July 1992)



C.(Continuation) DOCUMENTS CONSIDERED TO BE RELEVANT

Citation of document, with indication, where appropriate, of the relevant passages:
PAONE J: "PKI provides a base for secure transactions"
COMPUTERS & SECURITY. INTERNATIONAL JOURNAL DEVOTED TO THE STUDY OF TECHNICAL
AND FINANCIAL ASPECTS OF COMPUTER SECURITY, NL, ELSEVIER SCIENCE PUBLISHERS.
AMSTERDAM,
vol. 16, no. 7, 1997, pages 620-621, XP004099324
ISSN: 0167-4048
the whole document
Relevant to claim No.: 1-3

Form PCT/ISA/210 (continuation of second sheet) (July 1992)



Patent document cited    Publication    Patent family      Publication
in search report         date           member(s)          date

WO 9905813               04-02-1999     NONE
EP 0817103               07-01-1998     US 5953005 A       14-09-1999
                                        JP 10232841 A      02-09-1998

Form PCT/ISA/210 (patent family annex) (July 1992)